If there is no security software on your server to protect your WEB site, then you need to pay attention to some security plugins related to WordPress. As shown above, this is a security plugin called "WP Cerber", which you can search and download in the plugin store (dog head icon).
WP Cerber doesn't have many features, but its practicality is very high. It has the most common security feature "lock IP after too many login errors". This feature in the previous Limit Login Attempts plugin could only prevent locking IP after a real person logs in to the backend and cannot lock attacks from other brute force tools, such as post and get login methods, as well as xml. So I highly recommend WP Cerber.
In addition to locking IP, it also has other functions, such as simple web vulnerability protection. It also has detailed information about visitors, which means you can see specific details about a visitor, such as which page they are on, which browser they are using, and what IP they have, similar to website statistics.
Second Recommendation#
I highly recommend using this plugin in conjunction with Cerber, which can make you almost invincible. Its name is Wordfence Security. This plugin is feature-rich, with powerful firewall settings that can prevent many types of web vulnerability attacks. It can also scan your entire WordPress site to find malware, backdoors, vulnerabilities, and other harmful code.
There are many protective functions and the settings are all over the place, all in English. If you don't understand, you can use the browser's right-click translate feature, which is very easy to understand.
Plugins recommended in this article: WP Cerber and Wordfence Security